Topics

Featured in Development

Alex Bradbury gives an overview of the status and development of RISC-V as it relates to modern operating systems, highlighting major research strands, controversies, and opportunities to get involved.

Featured in Architecture & Design

Will Jones talks about how Habito, the leading digital mortgage broker, benefited from using Haskell, some of the wins and trade-offs that have brought it to where it is today and where it's going next. He also talks about why functional programming is beneficial for large projects, and how it helps especially with migrating the data store.

Featured in AI, ML & Data Engineering

Katharine Jarmul discusses research related to fair-and-private ML algorithms and privacy-preserving models, showing that caring about privacy can help ensure a better model overall and support ethics.

Featured in DevOps

Service mesh architectures enable a control and observability loop. At the moment, service mesh implementations vary in regard to API and technology, and this shows no signs of slowing down. Building on top of volatile APIs can be hazardous. Here we suggest to use a simplified, workflow-friendly API to shield organization platform code from specific service-mesh implementation details.

Cloudera Acquires Big Data Encryption Startup Gazzang

Hadoop distributor Cloudera pursued its strategy of securing the Hadoop ecosystem by acquiring last month the big data encryption and key management startup Gazzang. The deal will strengthen Cloudera's security offering and lead to the creation of a center of excellence for Hadoop security that will initially be fueled by Gazzang’s engineering team.

Founded in Texas in 2010 and employing about 40 people, Gazzang is no stranger to Cloudera’s community. Its technology has been certified by Cloudera since 2012 and its two leading products zNcrypt and zTrustee - now called Cloudera Navigator Encrypt and Cloudera Navigator Trustee - are already available as a downloadable parcel for Cloudera Enterprise 5, the latest version of Cloudera’s big data platform. It also has nearly 200 paying customers, including several Fortune 100 companies.

The acquisition will allow Cloudera to further the integration of Gazzang’s technology with its Enterprise product and offer a unified solution to organizations that have a legal obligation to comply with public regulations such as HIPAA-HITECH (health insurance), PCI-DSS (payment cards), FERPA (education), or the EU Data Protection Directive.

From a technical perspective, Navigator Encrypt leverages open source technologies such as eCryptfs (Enterprise Cryptographic Filesystem) and dm-crypt (disk encryption) to provide block-level TDE (transparent data encryption) and process-based access controls to restrict access to specific system processes. Because it operates at the file system level and supports Intel's AES-NI (Advanced Encryption Standard New Instructions), all HDFS files, HBase records, Hive metadata audit logs and any other file are encrypted and decrypted on the fly with minimal performance hit.

As David Tishgart, former director of marketing and alliances at Gazzang, explained on Cloudera's blog that using the latest industry standard AES-256 cipher to encrypt sensitive data is not enough to fulfill major compliances. Companies also need to think about key management, access controls, processes and documentation. This is where Navigator Trustee comes handy. This universal key manager allows users to store and manage any cryptographic object (including SSL certificates, SSH public-private keys, encryption keys and Java KeyStores) and enforce a broad range of security rules such as object authorization, expiration, revocation and retrieval limits. It also provides detailed logging and reporting features to keep track of all activities associated with objects, requests, and policies.

Can you account for all the sensitive data that may fall under compliance scope?

Commenting on the acquisition, Adrian Lane, CTO of Securosis, an information security research and advisory firm based in Arizona, said in a blog post:

Bundling encryption and key management capabilities into platforms will make them faster and easier to deploy – a win for customers. I usually have a handful of risks and downsides for every acquisition, but it is hard to criticize this deal because there are not that many possible downsides. This is an astute acquisition by Cloudera.

Cloudera's announcement is part of a recent industry-wide push to address the notorious lack of security in the Hadoop ecosystem, including the launch in 2013 of Project Rhino by Intel and Apache Sentry by Cloudera (the two projects have now merged), and the acquisition of XA Secure by Hortonworks in May 2014.